Context Navigation

Eleventh issue of Tor Weekly News. Covering what's happening from from September 4th, 2013 to September 10th, 2013. To be released on September 11th, 2013.

Editor:

Subject: Tor Weekly News — September, 11th 2013

========================================================================
Tor Weekly News September 11th, 2013
========================================================================
Welcome to the eleventh issue of Tor Weekly News, the weekly newsletter that
covers what is happening in the XXX Tor community.
Tor 0.2.4.17-rc is out
----------------------
On 5th September, Roger Dingledine announced the release of a new release candidate
for Tor 0.2.4 series [XXX]. It comes with very handy feature in the current situation [XXX]
- prioritizing faster and safer circuit-level handshakes "NTor" over "TAP" used by
0.2.3 clients.
“Relays now process the new "NTor" circuit-level handshake requests with higher
priority than the old "TAP" circuit-level handshake requests. We still process
some TAP requests to not totally starve 0.2.3 clients when NTor becomes popular.
A new consensus parameter "NumNTorsPerTAP" lets us tune the balance later if we
need to. Implements ticket 9574 [XXX].”
Roger asks relay operators to consider upgrading to 0.2.4.17-rc version due the huge
circuit overload we see nowadays [XXX]. Upgrading to development branch is surprisingly
easy using this guide [XXX].
[XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html
[XXX] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
[XXX] https://trac.torproject.org/projects/tor/ticket/9574
[XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002701.html
[XXX] https://www.torproject.org/docs/debian.html.en#development
XXX:Expand
Monthly status reports for XXX month 2013
-----------------------------------------
The wave of regular monthly reports from Tor project members for the
month of XXX has begun. XXX released his report first [XXX], followed
by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
[XXX]
[XXX]
[XXX]
[XXX]
MOAR reports:
Sukhbir Singh https://lists.torproject.org/pipermail/tor-reports/2013-September/000326.html
Matt Pagan https://lists.torproject.org/pipermail/tor-reports/2013-September/000327.html
Ximin Luo https://lists.torproject.org/pipermail/tor-reports/2013-September/000328.html
Nima https://lists.torproject.org/pipermail/tor-reports/2013-September/000329.html
Pearl Crescent https://lists.torproject.org/pipermail/tor-reports/2013-September/000330.html
Andrew Lewman https://lists.torproject.org/pipermail/tor-reports/2013-September/000331.html
Mike Perry https://lists.torproject.org/pipermail/tor-reports/2013-September/000332.html
Kelley Misata https://lists.torproject.org/pipermail/tor-reports/2013-September/000333.html
Nick Mathewson https://lists.torproject.org/pipermail/tor-reports/2013-September/000334.html
Jason Tsai https://lists.torproject.org/pipermail/tor-reports/2013-September/000335.html
Tails https://lists.torproject.org/pipermail/tor-reports/2013-September/000336.html
Aaron https://lists.torproject.org/pipermail/tor-reports/2013-September/000337.html
Damian Johnson https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
Miscellaneous news
------------------
Thanks Frenn vun der Enn [XXX] for setting up a new mirror [XXX] of the
Tor project website.
[XXX] http://enn.lu/
[XXX] https://lists.torproject.org/pipermail/tor-mirrors/2013-September/000351.html
With the Google Summer of Code ending in two weeks, the students have
sent their the next to last reports: Kostas Jakeliunas for the
Searchable metrics archive [XXX], Johannes Fürmann for EvilGenius [XXX],
and Hareesan for the Steganography Browser Extension [XXX].
[XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005380.html
[XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005394.html
[XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005409.html
Damian Johnson anounced [XXX] he had completed the rewrite of DocTor in
Python [XXX], “a service that pulls hourly consensus information and
checks it for a host of issues (directory authority outages, expiring
certificates, etc). In the case of a problem it notifies
tor-consensus-health@ [XXX], and we in turn give the authority operator
a heads up.”
[XXX] https://lists.torproject.org/pipermail/tor-reports/2013-September/000338.html
[XXX] https://gitweb.torproject.org/doctor.git
[XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health
Vulnerabilities
---------------
XXX: Reported vulnerabilities [XXX].
[XXX] vulnerability report source
Help Desk Roundup
-----------------
We had a number of emails this week asking about the recent stories in
the New York Times, the Guardian, and Pro Publica regarding NSA's cryptographic
capabilities. Some users asked whether there was a backdoor in Tor. Others asked
if Tor's crypto was broken.
There is absolutely no backdoor in Tor. We have been vocal in the past about how
tremendously irresponsible it would be to backdoor our users[xxx]. We also have
an FAQ entry explaining some ways we would fight back if anyone tried[xxx].
We do not have any more facts about NSA's cryptanalysis capabilities than have
been published in newspapers. However it is the belief of many Tor developers
that even considering these new developments, Tor's encryption is effective.
Tor uses TLS for link encryption. If the TLS is good, an outside attacker can't
even get to Tor's crypto. If the TLS is bad, good thing we have Tor's crypto.
Breaking SSL/TLS could involve something besides cracking cryptographic
primitives. For example an attack could be accomplished by finding some
vulnerability in the way the https protocol is implemented, or by compromising
the computers of Certificate Authorites to get their private keys. Or by legally
coercing Certificate Authorities to hand over their private keys and shut up
about it. I'm sure there are other ways it could be done as well. The math that
makes encryption hard to break still stands. Tor's code is completely open source
and has many eyes inspecting it. The encryption that Tor uses is summarized on the
FAQ page[xxx] and detailed in the Tor specification[xxx].
[xxx]: https://blog.torproject.org/blog/calea-2-and-tor
[xxx]: http://www.torproject.org/docs/faq.html.en#Backdoor
[xxx]: https://www.torproject.org/docs/faq.html.en#KeyManagement
[xxx]: https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt
Ways to Contribute This Week
----------------------------
[XXX : experimental section carried over from last week, trial will run 4 weeks ]
Upcoming events
---------------
Jul XX-XX | Event XXX brief description
| Event City, Event Country
| Event website URL
|
Jul XX-XX | Event XXX brief description
| Event City, Event Country
| Event website URL
This issue of Tor Weekly News has been assembled by XXX, XXX, and
XXX.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!
[XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team